Vulnerabilities > Zend > Zendto > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-24 | CVE-2020-8985 | Cross-site Scripting vulnerability in Zend Zendto ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | 8.8 |
| 2020-03-24 | CVE-2020-8984 | Origin Validation Error vulnerability in Zend Zendto lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. | 7.5 |